Bug 66425: Avoid a ClassCastException found via oss-fuzz

We try to avoid throwing ClassCastException, but it was possible
to trigger one here with a specially crafted input-file

Should fix https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61306

git-svn-id: https://svn.apache.org/repos/asf/poi/trunk@1911573 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/CurrentUserAtom.java b/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/CurrentUserAtom.java
index 70e422b838ec8907cc13b3183f4266ca981f5951..3bdcee13b98d3deb817e5dde41a8d0e8092acaf5 100644 (file)
--- a/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/CurrentUserAtom.java
+++ b/poi-scratchpad/src/main/java/org/apache/poi/hslf/record/CurrentUserAtom.java
@@ -35,6 +35,7 @@ import org.apache.poi.hslf.exceptions.CorruptPowerPointFileException;
 import org.apache.poi.hslf.exceptions.OldPowerPointFormatException;
 import org.apache.poi.poifs.filesystem.DirectoryNode;
 import org.apache.poi.poifs.filesystem.DocumentEntry;
+import org.apache.poi.poifs.filesystem.Entry;
 import org.apache.poi.poifs.filesystem.POIFSFileSystem;
 import org.apache.poi.util.IOUtils;
 import org.apache.poi.util.LittleEndian;
@@ -120,8 +121,11 @@ public class CurrentUserAtom {
      */
     public CurrentUserAtom(DirectoryNode dir) throws IOException {
         // Decide how big it is
-        DocumentEntry docProps =
-            (DocumentEntry)dir.getEntry("Current User");
+        final Entry entry = dir.getEntry("Current User");
+        if (!(entry instanceof DocumentEntry)) {
+            throw new IllegalArgumentException("Had unexpected type of entry for name: Current User: " + entry.getClass());
+        }
+        DocumentEntry docProps = (DocumentEntry) entry;
 
         // If it's clearly junk, bail out
         if(docProps.getSize() > 131072) {

diff --git a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
index 4dac9d21bdd21d6f1081d3bcf3abe7648c918e88..0af50391dbbc40f2fc8af362ac91eeaf81268c54 100644 (file)
--- a/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
+++ b/poi-scratchpad/src/test/java/org/apache/poi/hslf/dev/BaseTestPPTIterating.java
@@ -60,6 +60,7 @@ public abstract class BaseTestPPTIterating {
     static final Map<String,Class<? extends Throwable>> EXCLUDED = new HashMap<>();
     static {
         EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-6416153805979648.ppt", Exception.class);
+        EXCLUDED.put("clusterfuzz-testcase-minimized-POIHSLFFuzzer-6710128412590080.ppt", RuntimeException.class);
     }
 
     public static Stream<Arguments> files() {

diff --git a/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6710128412590080.ppt b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6710128412590080.ppt
new file mode 100644 (file)
index 0000000..f47228e
Binary files /dev/null and b/test-data/slideshow/clusterfuzz-testcase-minimized-POIHSLFFuzzer-6710128412590080.ppt differ

diff --git a/test-data/spreadsheet/stress.xls b/test-data/spreadsheet/stress.xls
index 76b80d3e770ee7d1f6981b1054b66c88caea02a9..e084a6c0b23cf7dee3c32553d4d9b553c520a715 100644 (file)
Binary files a/test-data/spreadsheet/stress.xls and b/test-data/spreadsheet/stress.xls differ